Arbitrary File Upload Vulnerability in Laravel-Admin by Laravel
CVE-2023-24249

7.2 HIGH

Key Information:

Vendor
CVE Published: 27 February 2023

What is CVE-2023-24249?

An arbitrary file upload vulnerability identified in Laravel-Admin version 1.8.19 allows attackers to upload malicious PHP files, enabling them to execute arbitrary code on the server. This vulnerability poses a significant security risk, exposing systems to potential breaches and unauthorized access. It is crucial for users of the affected product to apply necessary patches and/or upgrades to safeguard their systems against exploitation.

EPSS Score

39% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
